Wednesday, October 18, 2017

"Can I get a coffee, please?" Although this phrase today is harmless, it has not always been so. The spread of the use of coffee gave rise to numerous controversies among different cultures. In 1511, an Islamist leader came to claim that the true believer couldn´t use it because the Koran didn´t speak of that drink, and called it vice. In the end, good sense triumphed, and coffee, for most mortals, has become one of the most established daily routines.

Although the cybersecurity sector has never been banned, it´s not being easy to be include between other routines and priorities of companies. Cybersecurity has gain strength and is installed now in companies as another basic pillar to take into account when planning a global strategy for the company. As this happens, the jobs that are need to cover have increased. A survey conducted by Jane Bond Project reveals data that reflects the unstable situation of cybersecurity in terms of employment.

On the one hand, there is a shortage of talent available in the sector, which causes an imbalance between supply and demand; on the other hand, traditional methods and techniques used by HR departments are not adapted to the new needs of the cybersecurity sector. One thing that is clear once the survey is done is that the current situation shows an absence of training on the part of HR departments in cybersecurity issues, which hinders recruitment to fill existing vacant posts. This picture gives rise to unusual situations in which the average time needed to fill a vacancy is 6 months and, in some cases, the posts can be discovered for a total of 9 months.

Wang, in charge of the study, points out that in some cases managers regret that the HR department is looking for talent in the wrong place, filling positions with databases and investing in training by the company itself. In other cases pointed out by Wang, the command positions consider that it´s unfair to blame the contractors for the current situation. Taking into account that the security industry is a very specialized sector, with specific language and terms, it´s considered convenient to contract through another route other than traditional HR. The inefficiency of the traditional resources is real and in many cases, when dealing with the profile search situation, the departments responsible for contracting make a "copy and paste" of existing offers, not reflecting the responsibilities of the position.

Another detail that has come to light through this study is the wage irregularity in the sector. 8 out of 10 jobs in the cybersecurity department are paid above the salary range marked in the initial job offer, this is due to the wage increase negotiations provoked by the knowledge of the difficulty that exists to cover this type of jobs: half of the companies interviewed confirmed that they are forced to make salary increases to seal the agreements. These jobs include, but are not limited to: security engineers, product sales engineers, incident response analysts, security operations analyst, and product safety experts.

Although the study doesn´t seek to reflect gender diversity in the post, data have come to light that deserve to be underlined. According to this survey, only 8% of cybersecurity jobs are currently covered by women, and in these cases, professionals in the sector don´t ask for salary negotiations. A very contrary case is the case of men, who ask for salary revisions within a few months of starting work.

The awareness of the business about cybersecurity is growing, thus increasing demand and job positions available. The new problem is how to fill these vacancies. In the history of mankind, it has always taken time to adapt to new trends, and in this case, cybersecurity has already passed the first step, and is beginning to be taken into account. Great progress is being made and the full incorporation of cybersecurity into the basic pillars of business will be possible with a little effort and a cup of coffee, which is not a crime.